The Role of the Development Process in Operating System Security

  • Conference paper
Information Security (ISW 2000)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1975)

Abstract

Increasing numbers of computer security vulnerabilities mean that, more than ever before, internetworked computers are at risk from attack. Unfortunately, research to date has not found suitable solutions to these problems, and therefore further work is required in order to understand what is necessary to develop secure systems. This study sought to explore the relationship between the development process and the security of the fielded system. Specifically, an attempt was made to analyse the “real-world” security of three modern Unix systems, and this was compared with the consideration of security during their development. The results not only show that a consideration of security at all phases of development leads to significantly more secure products, but also indicate the specific roles that each development phase plays in this process.

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Payne, C. (2000). The Role of the Development Process in Operating System Security. In: Goos, G., Hartmanis, J., van Leeuwen, J., Pieprzyk, J., Seberry, J., Okamoto, E. (eds) Information Security. ISW 2000. Lecture Notes in Computer Science, vol 1975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44456-4_21

  • DOI: https://doi.org/10.1007/3-540-44456-4_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41416-2

  • Online ISBN: 978-3-540-44456-5

  • eBook Packages: Springer Book Archive
